14 Dec 2022 - Alert status: HIGH
Critical vulnerabilities in Citrix Gateway and Application Delivery Controller (ADC) devices
The Australian Cyber Security Centre (ACSC) is aware of a critical vulnerability affecting many versions of Citrix Gateway and ADC. All Australian operators should check for indicators of compromise and install the latest updated versions.
13 Dec 2022 - Alert status: HIGH
Critical severity vulnerability in Fortinet FortiOS SSL-VPN
The Australian Cyber Security Centre (ACSC) is aware of a heap-based buffer overflow vulnerability in FortiOS SSL-VPN. All Australian organisations should apply the available patch immediately.
01 Dec 2022 - Alert status: MEDIUM
Medibank Private Cyber Security Incident
ASD’s Australian Cyber Security Centre is working closely with Medibank Private following the recent incident.
08 Nov 2022 - Alert status: LOW
Multiple Vulnerabilities in VMware vRealize Hyperic monitoring and performance management product
The Australian Cyber Security Centre (ACSC) has identified a number of critical vulnerabilities affecting VMware’s vRealize Hyperic monitoring and performance management product.
02 Nov 2022 - Alert status: HIGH
High Severity vulnerability present in OpenSSL version 3.x
The Australian Cyber Security Centre (ACSC) is aware of a buffer overrun and buffer overflow vulnerability in OpenSSL versions 3.0 and above. All Australian organisations using version 3.x should apply the available patch immediately.
13 Oct 2022 - Alert status: CRITICAL
Remote code execution vulnerability present in Fortinet devices
A vulnerability (CVE-2022-40684) has been identified in several Fortinet products running certain versions from 7.0.0 onwards, that could allow a malicious cyber actor to bypass authentication and perform unauthorised actions. Affected Australian organisations should apply the available patch and follow Fortinet’s mitigation advice.
11 Oct 2022 - Alert status: CRITICAL
Remote code execution vulnerability present in vm2 sandbox
The ACSC is aware of a remote code execution vulnerability in vm2 sandbox versions prior to 3.9.11. Affected Australian organisations should apply the available patch immediately.
10 Oct 2022 - Alert status: LOW
Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange.
The Australian Cyber Security Centre (ACSC) is aware of 2 zero-day vulnerabilities associated with Microsoft Exchange Servers 2013, 2016 and 2019 (Exchange).
30 Sep 2022 - Alert status: MEDIUM
Optus Data Breach
To help protect against fraud, Optus has notified customers to look to reputable sources such as Moneysmart and the Office of the Australian Information Commissioner.
08 Aug 2022 - Alert status: LOW
Are you ready for Australian domain name changes?
Australians have until 20 September 2022 to seek priority allocation of an .au direct domain name that matches their existing domain name.
04 Aug 2022 - Alert status: HIGH
Multiple vulnerabilities present in VMware products
The ACSC is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.
06 Jul 2022 - Alert status: LOW
Post-Quantum Cryptography
A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography (PKC) insecure, thus making ubiquitous secure communications based on current PKC technology infeasible. The Australian Signals Directorate (ASD) is aware of the risks presented by the creation of a CRQC and encourages organisations to consider anticipating future requirements and dependencies of vulnerable systems during the transition to PQC standards.
15 Jun 2022 - Alert status: CRITICAL
Exploitation of Microsoft Office vulnerability: Follina
The ACSC is aware of active exploitation of the Follina zero-day vulnerability in the Microsoft Support Diagnostic Tool (CVE-2022-30190). Affected Australian organisations should take appropriate action.
05 Jun 2022 - Alert status: CRITICAL
Remote code execution vulnerability present in Atlassian Confluence Server and Data Center
A critical unauthenticated remote code execution vulnerability (CVE-2022-26134) has been identified in all supported versions of Atlassian Confluence Server and Data Center. ACSC recommends organisations restrict internet access to and from affected devices.
09 May 2022 - Alert status: HIGH
Multiple vulnerabilities present in F5 products
The ACSC is aware of an F5 Security Advisory Addressing Multiple Vulnerabilities in their BIG-IP Product Range. Affected Australian organisations should take appropriate action.
04 Apr 2022 - Alert status: HIGH
Multiple vulnerabilities present in the Spring Framework for Java
The ACSC is aware of media reporting relating to multiple potential vulnerabilities, including the so-called SpringShell vulnerability, in the Java Spring framework and its execution environments. These vulnerabilities pose a threat to organisations running applications on the web which contain components using the Java Spring framework.
30 Mar 2022 - Alert status: HIGH
Remote code execution vulnerability present in Sophos Firewall
A vulnerability (CVE-2022-1040) has been identified in Sophos Firewall prior to version 18.5 which could allow a malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
28 Mar 2022 - Alert status: HIGH
Australian organisations encouraged to urgently adopt an enhanced cyber security posture
Australian organisations are encouraged to urgently adopt an enhanced cyber security posture. Organisations should act now and follow ACSC’s advice to improve their cyber security resilience in light of the heightened threat environment.
23 Mar 2022 - Alert status: LOW
New domain name changes could leave your business or organisation at risk
The new domain name category could leave your business or organisation open to fraudulent cyber activity. Register your .au domain name before it becomes available to the general public.
12 Feb 2022 - Alert status: CRITICAL
Critical vulnerability identified in Apple iOS and macOS
A Remote Code Execution vulnerability has been identified in certain versions of Apple WebKit, affecting iOS and macOS devices. Affected users of these devices should update their devices as soon as possible.
11 Feb 2022 - Alert status: HIGH
Critical vulnerability present in SAP Internet Communication Manager
A vulnerability has been identified in SAP Internet Communication Manager (ICM), a component of many SAP products, which may allow full system takeover. Affected organisations should apply the available security update.
10 Feb 2022 - Alert status: MEDIUM
Increased Global Ransomware Threats
In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.
04 Feb 2022 - Alert status: HIGH
Remote code execution vulnerability present in Samba versions prior to 4.13.17
A vulnerability (CVE-2021-44142) has been identified in Samba versions prior to 4.13.17. Exploitation of this vulnerability could allow a malicious cyber actor to perform privileged remote code execution. Affected Australian organisations, including affected software vendors, should apply the available patch.
19 Jan 2022 - Alert status: HIGH
Remote code execution vulnerability present in SonicWall SMA 100 series appliances
A vulnerability (CVE-2021-20038) has been identified in SonicWall SMA 100 series appliances. Exploitation of this vulnerability could allow an unauthenticated malicious cyber actor to perform remote code execution. Affected Australian organisations should apply the available patch.
19 Jan 2022 - Alert status: MEDIUM
Phone and email scammers impersonating the ACSC
The Australian government will NEVER phone you to request access to your computer, or request you to purchase cryptocurrencies or gift cards. If you receive a suspicious phone call, take the caller's details, hang up and contact the company they claim to represent via official communication channels listed on their website. Never call a number provided by the scammer.
23 Dec 2021 - Alert status: HIGH
Use of Log4j vulnerabilities in ransomware activity
The ACSC expects an increase in ransomware activity using Log4j as an exploit vector. Malicious actors may take advantage of trivial exploits to impact Australian organisations.
21 Dec 2021 - Alert status: CRITICAL
Critical remote code execution vulnerability found in the Log4j library
A vulnerability (CVE-2021-44228) exists in certain versions of the Log4j library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code. Australian organisations should apply latest patches immediately where Log4j is known to be used.
10 Dec 2021 - Alert status: MEDIUM
Conti ransomware incidents in Australia
Multiple Australian organisations have been impacted by Conti ransomware in November and December 2021.
08 Dec 2021 - Alert status: HIGH
Zoho ManageEngine ServiceDesk Plus & Desktop Central remote code execution vulnerabilities
Vulnerabilities have been identified in certain versions of Zoho ManageEngine ServiceDesk Plus and Desktop Central product suites. Australian organisations using vulnerable Zoho ManageEngine products should apply the available patch.
17 Nov 2021 - Alert status: CRITICAL
Iranian Government-Sponsored APT Cyber Actors
FBI and CISA have observed an Iranian government-sponsored APT group that is exploiting vulnerabilities to gain access to systems. The APT group has exploited the same Microsoft Exchange vulnerability in Australia.
11 Nov 2021 - Alert status: CRITICAL
Critical vulnerability present in certain versions of Microsoft Excel
Microsoft has identified active exploitation of a vulnerability in Microsoft Excel. Affected Australian organisations should apply the available security update as soon as possible.
11 Nov 2021 - Alert status: HIGH
Remote code execution vulnerability present in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component
A vulnerability has been identified in certain versions of Palo Alto firewalls utilising the GlobalProtect VPN component. Affected Australian organisations should apply the available update as soon as possible.
05 Nov 2021 - Alert status: CRITICAL
Active exploitation of vulnerable Sitecore Experience Platform content management systems
There is active exploitation of a vulnerability occurring in certain versions of Sitecore Experience Platform systems. Affected Australian organisations should apply the available security update.
13 Oct 2021 - Alert status: HIGH
Critical vulnerability present in certain versions of Apple iOS and iPadOS
A vulnerability has been identified in certain Apple products which could allow an actor to install malware or perform other actions on a vulnerable device.
Multiple key vulnerabilities identified in Microsoft products
Multiple key vulnerabilities were identified in Microsoft’s 12 October 2021 patch release. While all vulnerabilities addressed in this release are important to mitigate, the ACSC wishes to highlight several vulnerabilities for priority consideration.
08 Oct 2021 - Alert status: CRITICAL
Critical vulnerability in certain versions of Apache HTTP Server
A vulnerability exists in Apache HTTP Server 2.4.49. A cyber actor could exploit this vulnerability to execute arbitrary code. Initial information also indicates that the vulnerability could be used to perform remote code execution under certain configurations. Affected Australian organisations should apply the available patch.
24 Sep 2021 - Alert status: HIGH
Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors
A vulnerability exists in certain versions of ManageEngine ADSelfService Plus. A cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian organisations should apply the available security update.
22 Sep 2021 - Alert status: CRITICAL
Critical vulnerability in certain Hikvision products, IP cameras
A critical vulnerability exists in Hikvision products, including IP cameras, which could allow a cyber actor to take full control of the device. Affected Australian customers should apply an appropriate firmware update provided by Hikvision.
16 Sep 2021 - Alert status: CRITICAL
Remote code execution vulnerability present in Open Management Infrastructure, affects certain Microsoft Azure services
A remote code execution vulnerability exists in Open Management Infrastructure, a management agent used in certain Linux-based Microsoft Azure services. Exploitation of this vulnerability could allow a malicious actor to take control of the vulnerable host. Affected organisations should apply the available security update.
16 Sep 2021 - Alert status: HIGH
Remote code execution vulnerability present in the Windows Scripting Engine of Microsoft Windows
A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. Affected Australian customers should apply the security update provided by Microsoft.
14 Sep 2021 - Alert status: HIGH
Remote code execution vulnerability present in the MSHTML component of Microsoft Windows
A vulnerability exists in a component of Microsoft Windows. A malicious cyber actor could exploit this vulnerability to execute arbitrary code, potentially enabling the actor to take control of the vulnerable host. At this time there is no patch available; affected Australian customers should apply the Microsoft recommended workarounds.
Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari
Vulnerabilities have been identified in certain versions of Apple iOS, macOS and Safari which could allow an actor to install malware or perform other actions on a vulnerable device or computer.
10 Sep 2021 - Alert status: MEDIUM
Suspected user credentials stolen from Fortinet devices leaked online
A malicious cyber actor has leaked a list of suspected user credentials and the IP addresses of the associated Fortinet SSL VPN devices the credentials are used for. Organisations should review the patch status and history of internet-exposed Fortinet SSL VPN devices and consider performing a password reset for affected users.
01 Sep 2021 - Alert status: HIGH
Remote code execution vulnerability present in certain versions of Atlassian Confluence
A vulnerability exists in certain self-hosted versions of Atlassian Confluence which could allow a malicious cyber actor to execute arbitrary code. Affected organisations should apply the available patch to mitigate this vulnerability.
30 Aug 2021 - Alert status: MEDIUM
Property-related business email compromise scams rising in Australia
Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.
27 Aug 2021 - Alert status: MEDIUM
Malicious actors deploying Gootkit Loader on Australian Networks
ACSC has observed an increase of Gootkit JavaScript (JS) Loaders on Australian networks.
19 Aug 2021 - Alert status: HIGH
Microsoft Exchange ProxyShell Targeting in Australia
The ACSC has observed targeting of the Microsoft Exchange ProxyShell vulnerability by malicious actors.
18 Aug 2021 - Alert status: HIGH
Vulnerability Affecting BlackBerry QNX RTOS
BlackBerry has disclosed that its QNX Real Time Operating System is affected by a BadAlloc vulnerability - CVE-2021-22156. QNX is the world’s most prevalent real time operating system.
05 Aug 2021 - Alert status: MEDIUM
LockBit 2.0 ransomware incidents in Australia
The ACSC has observed an increase in reporting of LockBit 2.0 ransomware incidents in Australia.
03 Aug 2021 - Alert status: HIGH
SonicWall devices targeted with ransomware utilising stolen credentials
SonicWall devices are being targeted with ransomware by a malicious cyber actor. The ACSC is aware of likely related activity targeting Australian organisations.